MISRA C-2012 Rule 11.3 violation while trying to do a typecast from char to int pointer


Problem description

I am trying to get rid of Rule 11.3 from my code.

Sample code:

static int32_t 
do_test(const char *cp)
{
    const char *c = cp;
    const int32_t *x;
    x = (const int32_t *)cp;

    return *x;
}

I want the value of *c and *x to be the same. Even though the code is compiling and giving the correct value, "x = (int32_t *)cp;" is causing a violation of 11.3 and 11.8

Rule 11.3 violation: An object with pointer type shall not be converted to a pointer to a different object type.

I have tried with a void pointer, but the result was not the same as what I expected and it also resulted in an additional violation.

Is there any way to remove these violations?

In the MISRA C 2012 document they mention that there is an exception to this rule, as it is permitted to convert a pointer to object type into a pointer to one of the object types char, signed char or unsigned char. The Standard guarantees that pointers to these types can be used to access the individual bytes of an object.

Ignore Dir 4.6 due to char type.

Recommended answer

You are lucky you are using MISRA-C, because this code is full of bugs. You cannot make the bugs go away with a cast.

  • Bug 1. The character pointer is not necessarily aligned, in which case your code invokes undefined behavior as per the C standard 6.3.2.3/7:

A pointer to an object type may be converted to a pointer to a different object type. If the resulting pointer is not correctly aligned for the referenced type, the behavior is undefined.

  • Bug 2. The code contains a blatant strict aliasing violation. This is always undefined behavior as per the C standard 6.5/7.

    Your assumption "The Standard guarantees that pointers to these types can be used to access the individual bytes of an object." is correct: as a special exception C allows you to convert from a pointer-to-x to pointer to char and then access the data through the char pointer. But not the other way around.

    Your code is not accessing individual bytes; you are going the other way around, from an array of characters to a 32 bit type. This is not allowed. See What is the strict aliasing rule?.

    Correct code, that should be ok with both the C language and MISRA-C:

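    #include <stdint.h>

    static int32_t do_test(const char *cp)
    {
      /* Each byte goes through uint8_t first so that a negative plain char
         is not sign-extended; the int32_t cast covers the whole expression. */
      return (int32_t) (((uint32_t)(uint8_t)cp[0] << 24u) |
                        ((uint32_t)(uint8_t)cp[1] << 16u) |
                        ((uint32_t)(uint8_t)cp[2] <<  8u) |
                        ((uint32_t)(uint8_t)cp[3]));
    }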
    

    This shift version is always preferred, as it is endianness independent and therefore portable. The casts to uint32_t are necessary to prevent implicit promotions on 8/16 bit systems, plus you should never do bit shift on signed types.
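
The shift-based load from the answer, extended as an added example (not part of the original answer) to a bounds-checked read at an unaligned offset; the function names and the sample buffer are constructed for illustration. Bytes pass through uint8_t before widening so a negative plain char is not sign-extended, and the unsigned result is mapped to int32_t without an out-of-range conversion.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample: the pad byte puts the 32-bit fields at unaligned
   offsets, and two bytes are >= 0x80 to exercise plain-char signedness. */
static const char sample[6] = { 0x00, (char)0x80, 0x01, (char)0xFF, 0x7F, 0x12 };

/* Big-endian load by byte reads and shifts: no pointer cast is involved. */
static uint32_t load_be32(const char *cp)
{
    return ((uint32_t)(uint8_t)cp[0] << 24u) |
           ((uint32_t)(uint8_t)cp[1] << 16u) |
           ((uint32_t)(uint8_t)cp[2] <<  8u) |
            (uint32_t)(uint8_t)cp[3];
}

/* Two's-complement reinterpretation with no out-of-range conversion. */
static int32_t u32_to_i32(uint32_t u)
{
    return (u <= 0x7FFFFFFFu) ? (int32_t)u : (-(int32_t)(0xFFFFFFFFu - u) - 1);
}

/* Bounds-checked read: 0 on success, -1 (and *out untouched) otherwise. */
static int read_be32_at(const char *buf, size_t len, size_t off, int32_t *out)
{
    if ((buf == NULL) || (out == NULL) || (len < 4u) || (off > (len - 4u))) {
        return -1;
    }
    *out = u32_to_i32(load_be32(&buf[off]));
    return 0;
}

/* Hypothetical wrapper: returns fallback when the read is rejected. */
static int32_t be32_or(const char *buf, size_t len, size_t off, int32_t fallback)
{
    int32_t v = fallback;
    (void)read_be32_at(buf, len, off, &v);
    return v;
}

int main(void)
{
    /* Offset 1 holds 80 01 FF 7F; offset 3 leaves only three bytes. */
    return ((be32_or(sample, sizeof sample, 1u, 0) == -2147352705) &&
            (be32_or(sample, sizeof sample, 3u, -1) == -1)) ? 0 : 1;
}
```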
